<?php
/*
 * Copyright 2013 by Jerrick Hoang, Ivy Xing, Sam Roberts, James Cook, 
 * Johnny Coster, Judy Yang, Jackson Moniaga, Oliver Radwan, 
 * Maxwell Palmer, Nolan McNair, Taylor Talmage, and Allen Tucker. 
 * This program is part of RMH Homebase, which is free software.  It comes with 
 * absolutely no warranty. You can redistribute and/or modify it under the terms 
 * of the GNU General Public License as published by the Free Software Foundation
 * (see <http://www.gnu.org/licenses/> for more information).
 * 
 */
?>
<!-- Begin Header -->
<style type="text/css">
    h1 {padding-left: 0px; padding-right:165px;}
</style>
<!-- NOTE(review): jQuery 1.9.1 is a 2013 release on a branch that no longer receives fixes;
     later jQuery releases include cross-site-scripting hardening. Plan an upgrade and
     re-test every page that includes this header. -->
<script type="text/javascript" src="lib/jquery-1.9.1.js"></script>
<div id="header">
<!--<br><br><img src="images/forestdale logo.png" align="center"><br>
<h1><br><br>Homebase <br></h1>-->

</div>

<div align="center" id="navigationLinks">

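    <?php
    // Log-in gate, page-level access control and navigation bar for every page
    // that includes this header.
    //
    // Reads:  $_SESSION['logged_in'], $_SESSION['access_level'], $_SERVER['SCRIPT_NAME'].
    // Sets:   $permission_array, $current_page, $path (file scope, as before),
    //         plus $access_level, $required_level, $last_slash, $path_html, $help_page.
    // Output: the login form, a redirect to index.php, or the navigation links;
    //         the first two end the request with die().
    // NOTE(review): assumes the including page has already called session_start() - confirm.

    // Fail closed: a missing flag and a flag that is set but falsy are both "not logged in".
    // Checking only isset() lets a falsy flag skip the login form AND the permission check
    // below, so the including page would render unprotected.
    if (empty($_SESSION['logged_in'])) {
        error_log('in header, will display login form');
        include('login_form.php');
        die();
    }

    error_log('in header, logged in');

    /*
     * Permission table: minimum access level required per page.
     * We only have staff permissions.
     *
     * A page that is not listed here can be viewed by anyone who is logged in.
     * A logged-in user who requests a page above their access level is sent
     * back to the home page.
     */
    $permission_array['index.php'] = 0;
    //pages only managers can view
    $permission_array['personEdit.php'] = 2;
    $permission_array['viewSchedule.php'] = 2;
    $permission_array['addWeek.php'] = 2;
    $permission_array['rmh.php'] = 2;
    $permission_array['log.php'] = 2;
    $permission_array['dataSearch.php'] = 2;
    $permission_array['reports.php'] = 2;
    $permission_array['clinicianEdit.php'] = 2;

    // Identify the executing script from SCRIPT_NAME, not PHP_SELF. PHP_SELF also carries
    // any trailing path info sent by the client, so basename(PHP_SELF) can name a file other
    // than the script that is running; the lookup below would then use the wrong entry and
    // the value would be echoed into the Help link unescaped.
    // NOTE(review): the lookup is an exact, case-sensitive match on the file name; on a
    // case-insensitive filesystem confirm the server normalises the script name.
    $current_page = basename($_SERVER['SCRIPT_NAME']);

    // A session without an access level is treated as the lowest level (0).
    $access_level = isset($_SESSION['access_level']) ? (int) $_SESSION['access_level'] : 0;

    // Unlisted pages require level 0, i.e. any logged-in user may view them.
    $required_level = isset($permission_array[$current_page]) ? $permission_array[$current_page] : 0;

    error_log("current page = ".$current_page);
    error_log('access level is '.$access_level);

    if ($required_level > $access_level) {
        //in this case, the user doesn't have permission to view this page.
        //we redirect them to the index page.
        echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
        //note: if javascript is disabled for a user's browser, it would still show the page.
        //so we die().
        die();
    }

    //Directory part of the script URL (up to and including the last '/'), useful if the
    //server isn't installed @ root.
    $last_slash = strrpos($_SERVER['SCRIPT_NAME'], '/');
    $path = ($last_slash === false) ? '' : substr($_SERVER['SCRIPT_NAME'], 0, $last_slash + 1);

    // Escaped copies for output: $path goes into HTML attributes, $current_page into a
    // query-string value inside an attribute. $path itself stays raw for any later reader.
    $path_html = htmlspecialchars($path, ENT_QUOTES, 'UTF-8');
    $help_page = rawurlencode($current_page);

    //they're logged in and session variables are set.
    if ($access_level >= 2) {
        echo('<a href="' . $path_html . 'index.php"><b>Home</b></a>');
        echo(' | <a href="' . $path_html . 'calendar.php?venue=house">Appointment Calendar</a>');
        echo(' | <a href="' . $path_html . 'viewSchedule.php?frequency=weekly"><strong>Master Schedule</strong></a> | ');
        echo('<a href="' . $path_html . 'help.php?helpPage=' . $help_page . '" target="_BLANK"><b>Help</b></a>');
        echo(' | <a href="' . $path_html . 'logout.php"><b>Logout</b></a>');

        // Every link below now carries the same directory prefix as the links above, so all
        // of them resolve against the application directory rather than the request URL.
        echo('<br><strong>Clinicians:</strong> <a href="' . $path_html . 'clinicianSearch.php">search</a>, 
                                <a href="' . $path_html . 'clinicianEdit.php?id=new">add</a> | ');
        echo('<br><strong>Appointments:</strong> <a href="' . $path_html . 'searchAppointment.php?id=new">search</a>, 
                                <a href="' . $path_html . 'addAppointment.php?id=new">add</a> | ');

        echo('<strong>Clients:</strong> <a href="' . $path_html . 'clientSearch.php">search</a>, 
                                <a href="' . $path_html . 'clientEdit.php?id=new">add</a>');
    }
    ?>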
</div>
<!-- End Header -->